Re: [Exim] exim -d9 shows my pgsql passwords

Góra strony
Delete this message
Reply to this message
Autor: Dean Brooks
Data:  
Dla: exim-users
Temat: Re: [Exim] exim -d9 shows my pgsql passwords
> ..as then subject says! It *is* useful for debugging, but poses an obvious
> security problem if you need privileged db access.
>
> Maybe the debug options should only be allowed to trusted_users?


Slightly related, -d9 debugging also will show the output of ALL
system-wide filter file processing for _any_ user that runs it.

This is, of course, rather undesirable for many situations where we
dont want users to necessarily see what processing we're doing in
the system wide filter file.

I would strongly urge Exim to be changed to not show system-wide filter
file debug information unless they are a trusted_user or admin_user.

So, it's similar to the previous post in that some debug information
should be hidden from regular users, expecially anytime it would show
potentially sensitive information.

Regards,

Dean A. Brooks
IgLou Internet Services, Inc.          Telephone (502) 966-3848
3315 Gilmore Industrial Blvd.          Facsimile (502) 968-0449
Louisville, Kentucky  40213            E-mail dean@???